Grindahl-512

2008-03-31T09:39:34Z

Vincent: /* Generic Attacks */

== Specification ==

* Specification: [http://www2.mat.dtu.dk/people/Lars.R.Knudsen/grindahl/ Web page of the Grindahl hash functions]

* digest size: 512 bits
* max. message length: < 264 bits
* compression function: 64-bit message block, 104 byte state

<bibtex>
@inproceedings{fseKnudsenRT07,
author = {Lars R. Knudsen and Christian Rechberger and Søren S. Thomsen},
title = {The Grindahl Hash Functions},
pages = {39-57},
url = {http://dx.doi.org/10.1007/978-3-540-74619-5_3},
editor = {Alex Biryukov},
booktitle = {FSE},
publisher = {Springer},
series = {LNCS},
volume = {4593},
year = {2007},
isbn = {978-3-540-74617-1},
abstract = {In this paper we propose the Grindahl hash functions,
which are based on components of the Rijndael algorithm. To make collision
search sufficiently difficult, this design has the important feature that
no low-weight characteristics form collisions, and at the same time it limits
access to the state. We propose two concrete hash functions, Grindahl-256
and Grindahl-512 with claimed security levels with respect to collision,
preimage and second preimage attacks of 2128 and 2256, respectively. Both
proposals have lower memory requirements than other hash functions at comparable speeds and security levels.},
}
</bibtex>

== Cryptanalysis ==

=== Best Known Results ===
No attacks on Grindahl-512 are known.

----

=== Generic Attacks ===
* Grindahl is not a design following the Merkle-Damgaard construction principle. [[GenericAttacksHash| Generic Attacks on Hash Functions]]

----

=== Collision Attacks ===

----

=== Second Preimage Attacks ===

----

=== Preimage Attacks ===

----

=== Others ===

The ECRYPT Hash Function Website - User contributions [en]

Grindahl-512